Vulnerability in Apache Software Foundation Spark

CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a s…

EPSS: 0.890 (99.5th percentile).

Frequently asked questions

What is CVE-2018-11770?
CVE-2018-11770 is a vulnerability in Apache Software Foundation Spark. Published 2018-08-13.
Is CVE-2018-11770 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.